cpe:/a:myknowledgequest:knowledgequest:2.6 CVE-2008-1726 2008-04-11T15:05:00.000-04:00 2017-09-28T21:30:50.740-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-04-14T09:17:00.000-04:00 ALLOWS_OTHER_ACCESS BID 28713 BID 28716 SECUNIA 29716 OSVDB 44254 OSVDB 44255 OSVDB 44256 EXPLOIT-DB 5421 XF knowledgequest-kqid-username-sql-injection(41746) Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.